ARTEMIS-4712 remove LDAP connection pooling

artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java

@@ -94,7 +94,6 @@ public class LDAPLoginModule implements AuditLoginModule {
       REFERRAL("referral"),
       IGNORE_PARTIAL_RESULT_EXCEPTION("ignorePartialResultException"),
       PASSWORD_CODEC("passwordCodec"),
-      CONNECTION_POOL("connectionPool"),
       CONNECTION_TIMEOUT("connectionTimeout"),
       READ_TIMEOUT("readTimeout"),
       NO_CACHE_EXCEPTIONS("noCacheExceptions");
@@ -660,9 +659,6 @@ public class LDAPLoginModule implements AuditLoginModule {
             env.put(Context.SECURITY_PROTOCOL, getLDAPPropertyValue(ConfigKey.CONNECTION_PROTOCOL));
             env.put(Context.PROVIDER_URL, getLDAPPropertyValue(ConfigKey.CONNECTION_URL));
             env.put(Context.SECURITY_AUTHENTICATION, getLDAPPropertyValue(ConfigKey.AUTHENTICATION));
-            if (isLoginPropertySet(ConfigKey.CONNECTION_POOL)) {
-               env.put("com.sun.jndi.ldap.connect.pool", getLDAPPropertyValue(ConfigKey.CONNECTION_POOL));
-            }
             if (isLoginPropertySet(ConfigKey.CONNECTION_TIMEOUT)) {
                env.put("com.sun.jndi.ldap.connect.timeout", getLDAPPropertyValue(ConfigKey.CONNECTION_TIMEOUT));
             }

artemis-server/src/test/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModuleTest.java

@@ -32,15 +32,13 @@ import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import java.io.IOException;
+import java.lang.invoke.MethodHandles;
 import java.lang.reflect.Field;
 import java.lang.reflect.Modifier;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.Set;
-import java.util.concurrent.Executor;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
 import java.util.concurrent.TimeUnit;
 
 import org.apache.directory.server.annotations.CreateLdapServer;
@@ -48,13 +46,12 @@ import org.apache.directory.server.annotations.CreateTransport;
 import org.apache.directory.server.core.annotations.ApplyLdifFiles;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import java.lang.invoke.MethodHandles;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
@@ -139,57 +136,6 @@ public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
       assertTrue("sessions still active after logout", waitFor(() -> ldapServer.getLdapSessionManager().getSessions().length == 0));
    }
 
-   @Test
-   public void testLoginPooled() throws Exception {
-      CallbackHandler callbackHandler = callbacks -> {
-         for (int i = 0; i < callbacks.length; i++) {
-            if (callbacks[i] instanceof NameCallback) {
-               ((NameCallback) callbacks[i]).setName("first");
-            } else if (callbacks[i] instanceof PasswordCallback) {
-               ((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
-            } else {
-               throw new UnsupportedCallbackException(callbacks[i]);
-            }
-         }
-      };
-
-      LoginContext context = new LoginContext("LDAPLoginPooled", callbackHandler);
-      context.login();
-      context.logout();
-
-      // again
-      context.login();
-      context.logout();
-
-      // new context
-      context = new LoginContext("LDAPLoginPooled", callbackHandler);
-      context.login();
-      context.logout();
-
-      Executor pool = Executors.newCachedThreadPool();
-      for (int i = 0; i < 20; i++) {
-         pool.execute(() -> {
-            try {
-               LoginContext context1 = new LoginContext("LDAPLoginPooled", callbackHandler);
-               context1.login();
-               context1.logout();
-            } catch (Exception ignored) {
-            }
-         });
-      }
-
-      /*
-       * The number of sessions here is variable due to the pool used to create the LoginContext objects and the pooling
-       * for the LDAP connections (which are managed by the JVM implementation). We really just need to confirm that
-       * there are still connections to the LDAP server open even after all the LoginContext objects are closed as that
-       * will indicate the LDAP connection pooling is working.
-       */
-      assertTrue("not enough active sessions after logout", waitFor(() -> ldapServer.getLdapSessionManager().getSessions().length >= 5));
-
-      ((ExecutorService) pool).shutdown();
-      ((ExecutorService) pool).awaitTermination(2, TimeUnit.SECONDS);
-   }
-
    public interface Condition {
       boolean isSatisfied() throws Exception;
    }

artemis-server/src/test/resources/login.config

@@ -49,27 +49,6 @@ LDAPLogin {
         ;
 };
 
-LDAPLoginPooled {
-    org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
-        debug=true
-        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
-        connectionURL="ldap://localhost:1024"
-        connectionUsername="uid=admin,ou=system"
-        connectionPassword=secret
-        connectionProtocol=s
-        authentication=simple
-        userBase="ou=system"
-        userSearchMatching="(uid={0})"
-        userSearchSubtree=false
-        roleBase="ou=system"
-        roleName=cn
-        roleSearchMatching="(member=uid={1},ou=system)"
-        roleSearchSubtree=false
-        connectionPool=true
-        connectionTimeout="2000"
-        ;
-};
-
 UnAuthenticatedLDAPLogin {
     org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
         debug=true

docs/user-manual/security.adoc

@@ -616,10 +616,6 @@ currently, the only supported value is a blank string.
 In future, this option will allow you to select the Secure Socket Layer (SSL) for the connection to the directory server.
 This option must be set explicitly to an empty string, because it has no default value.
 
-connectionPool::
-boolean, enable the LDAP connection pool property 'com.sun.jndi.ldap.connect.pool'.
-Note that the pool is https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html[configured at the jvm level with system properties].
-
 connectionTimeout::
 specifies the string representation of an integer representing the connection timeout in milliseconds.
 If the LDAP provider cannot establish a connection within that period, it aborts the connection attempt.

docs/user-manual/versions.adoc

@@ -12,6 +12,23 @@ NOTE: If the upgrade spans multiple versions then the steps from *each* version
 
 NOTE: Follow the general upgrade procedure outlined in the xref:upgrading.adoc#upgrading-the-broker[Upgrading the Broker]  chapter in addition to any version-specific upgrade instructions outlined here.
 
+== 2.34.0
+
+https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315920&version=...[Full release notes]
+
+=== Highlights
+
+* A
+* B
+* C
+
+=== Upgrading from 2.33.0
+
+* Due to https://issues.apache.org/jira/browse/ARTEMIS-4712[ARTEMIS-4712] the connection pooling functionality configured via the `connectionPool` property in `login.config` is no longer supported in the `LDAPLoginModule`.
+The `login.config` may still use the `connectionPool` property.
+No error will be thrown.
+However, connections will no longer be pooled regardless of the configuration.
+
 == 2.33.0
 
 https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315920&version=12354184[Full release notes]